Remote verification of user presence and identity

ABSTRACT

A system for verifying presence and identity of a user on a remote computer comprises a server connected to a networked communication system; a remote computer including an interface for a digital key, wherein the remote computer is connected to the networked communication system; a digital key that connects to the remote computer via the interface, wherein the digital key contains an encrypted key; a processor on the remote computer for reading the encrypted key from the digital key and transmitting the encrypted key to the server over the networked communication system; and a computer program executing on the remote computer that captures behavioral data of the user and transmits the behavioral data to the server over the networked communication system.

RELATED APPLICATION

This application is a continuation application and claims priority to U.S. provisional application No. 61/528,024, entitled “REMOTE VERIFICATION OF USER PRESENCE AND IDENTITY” filed on Aug. 26, 2011, which claims priority to U.S. provisional application No. 61/405,643, filed on Oct. 21, 2010.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to the field of remote computing and, more specifically, the present invention relates to the field of security in remote computer environments.

2. Description of the Related Art

The distance learning movement is a field of education that focuses on teaching methods and technology with the aim of delivering teaching and education to students who are not physically present in a traditional educational setting, such as a classroom. The distance learning process creates and provides access to learning, usually via the Internet, when the source of information and the learners are separated by time and distance, or both.

One of the issues associated with distance learning is the verification of presence and identity of students. The teaching provider has an interest in verifying that a student is actually sitting at a computer and interacting with it, so as to ensure that the student is present during a class. It is also important that the teaching provider verify the identity of the student, so as to prevent the student from having another person attend a class or take an exam. The currently available distance learning software does not adequately solve the aforementioned problems with the prior art.

Therefore, what is needed is a system and method for addressing the problems with the prior art, and more particularly a more efficient system and method for verifying the presence and identity of remote users of a computer system.

BRIEF SUMMARY OF THE INVENTION

Embodiments of the present invention address deficiencies of the art in respect to distance learning and provide a novel and non-obvious system and method for remotely verifying presence and identity in a distance learning environment. In an embodiment of the invention, a system for verifying presence and identity of a user on a remote computer comprises a server connected to a networked communication system; a remote computer including an interface for a digital key, wherein the remote computer is connected to the networked communication system; a digital key that connects to the remote computer via the interface, wherein the digital key contains an encrypted key; a processor on the remote computer for reading the encrypted key from the digital key and transmitting the encrypted key to the server over the networked communication system; and a computer program executing on the remote computer that captures behavioral data of the user and transmits the behavioral data to the server over the networked communication system.

In another embodiment of the invention, a method for verifying presence and identity of a user on a remote computer comprises receiving, by a remote computer connected to the networked communication system, an encrypted key from a digital key connected to an interface of the remote computer; reading, by a processor on the remote computer, the encrypted key from the digital key; transmitting, by the processor, the encrypted key to the server over the networked communication system; capturing, by a computer program executing on the remote computer, behavioral data of the user; and transmitting, by the computer program, the behavioral data of the user to the server over the networked communication system.

Additional aspects of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The aspects of the invention will be realized and attained by means of the elements and combinations particularly pointed out in the appended claims. It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute part of this specification, illustrate embodiments of the invention and together with the description, serve to explain the principles of the invention. The embodiments illustrated herein are presently preferred, it being understood, however, that the invention is not limited to the precise arrangements and instrumentalities shown, wherein:

FIG. 1 is a block diagram illustrating a network architecture of a remote presence and identity verification system, in accordance with one embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The present invention improves upon the problems with the prior art by providing verification of remote users of a computer system in a user-friendly and safe manner. The present invention allows for more secure user verification by requiring that users carry and utilize small, unobtrusive security tokens that hold encrypted keys unique to the user. The present invention further allows for the automatic and seamless storage and transmittal of behavioral data of the user during usage, which may be used to verify the presence and interaction of the user at the remote computer.

FIG. 1 is a block diagram illustrating a network architecture of a remote identity and presence verification system, in accordance with one embodiment of the present invention. FIG. 1 shows a server 102 and a database 104 connected to the network 106, which may be the Internet. The database 104 may house user information, such as contact information, user credentials, user records, and financial or payment information, for a plurality of users. Each user's record may also include a unique identifier for his digital key. For example, user 130 may use his computer 132 to enter his credentials, contact information, unique identifier and payment information into the database 104. The computer 132 may be a desktop, laptop, tablet, netbook, smartphone or the like.

FIG. 1 also shows that the user 130 may use a digital key 135, which may interface with the computer 132. The digital key 135 may be a security token (otherwise called a hardware token, authentication token, USB token, cryptographic token, or key fob), which is a physical device given to an authorized user of the server 102 to ease authentication. Security tokens are used to prove one's identity electronically. Some security tokens store cryptographic keys, such as passwords, a digital signature, or biometric data.

In one embodiment, the digital key 135 comprises a YubiKey, manufactured by Yubico, which is a device that acts as a USB keyboard and provides secure authentication by a one-time password that is encrypted using the AES encryption algorithm with a 128-bit key. The YubiKey has four modes of operation: a standard Yubico OTP consisting of a 12-character ID followed by a 32-character one-time password; an OATH 6- or 8-digit OTP for use with third-party OATH servers; a static passcode of 1 to 64 characters for legacy login applications; and challenge-response functionality using client software.

The method of the present invention begins with a user 130 using his computer 132 to log onto server 102 over the network 106 using his credentials. The user 130 may utilize a specialized secure web browser to log in and interact with server 102. An encrypted key may be read from the digital key 135 and transmitted to the server 102. In one embodiment, a password or key is automatically written into a browser text field when the user 130, upon being prompted, presses a button on the digital key 135. Encrypted data may be read from the digital key 135 and transmitted to the server 102 at random intervals.

Upon receiving an encrypted key, the server 102 decrypts the data and stores it. The specialized web browser may capture behavioral data of the user 130 and other data, such as session identifiers, the number of times the digital key has powered up, a session count, user names, time deltas between events, and device identifiers. The web browser may also send the behavioral and other data to the server 102 at certain time intervals. The behavioral and other data may be used to determine the actual presence of the user 130 at the computer 132.

In one embodiment of the present invention, when a user 130 enters a portion of the web site that requires additional verification, such as a quiz or a test, the user 130 is presented with a popup window requesting a phone number and a PIN. When the user 130 calls the number, the user 130 is instructed to enter the PIN. After the PIN is entered, the popup window text changes to display a random message for the user to record by voice. After the voice message is recorded, the popup window shows a textbox in which to enter an encrypted key from the digital key 135, such as the Yubico key. The information from the encrypted key and the voice recording is stored in database 104 for an administrator or instructor to view or analyze. The voice recording may also be analyzed with voice analyzing software.

Although specific embodiments of the invention have been disclosed, those having ordinary skill in the art will understand that changes can be made to the specific embodiments without departing from the spirit and scope of the invention. The scope of the invention is not to be restricted, therefore, to the specific embodiments. Furthermore, it is intended that the appended claims cover any and all such applications, modifications, and embodiments within the scope of the present invention.

RELATED U.S. PATENT DOCUMENTS

Application Number   Filing Date
61/528,024           Aug. 26, 2011
61/405,643           Oct. 21, 2010

PARENT CASE TEXT

This application is a continuation application and claims priority to U.S. provisional application No. 61/528,024, entitled “REMOTE VERIFICATION OF USER PRESENCE AND IDENTITY” filed on Aug. 26, 2011, which claims priority to U.S. provisional application No. 61/405,643, entitled “USB Device coupled to a Decision-making system. System, method, and computer program product for authenticating into a website with microcontroller”, filed on Oct. 21, 2010.

REFERENCES CITED

Ser. No. 11/105,962: APPARATUS AND METHOD FOR COMPUTER BASED EXAMINATIONS.

Ser. No. 11/734,149: SYSTEM FOR AND METHODS OF STORING AND COMPARING COMPUTER GENERATED CONTINUOUS VECTOR LINES THROUGH A NON-SECURE OR A SECURE COMMUNICATION CHANNEL.

Ser. No. 12/287,336: METHODS FOR PERFORMING SECURE ON-LINE TESTING WITHOUT PRE-INSTALLATION OF A SECURE BROWSER.

Ser. No. 12/674,142: DEVICE AND METHOD FOR GENERATING DYNAMIC CREDIT CARD DATA.

1. A system for verifying presence and identity of a user on a remote computer, comprising: a server connected to a networked communication system; a remote computer including an interface for a digital key, wherein the remote computer is connected to the networked communication system; a digital key that connects to the remote computer via the interface, wherein the digital key contains an encrypted key; a processor on the remote computer for reading the encrypted key from the digital key and transmitting the encrypted key to the server over the networked communication system; and a computer program executing on the remote computer that captures behavioral data of the user and transmits the behavioral data to the server over the networked communication system.
2. The system of claim 1, wherein the server further comprises a database for storing user records and user credentials.
3. The system of claim 2, wherein the interface on the remote computer for the digital key comprises a USB port.
4. The system of claim 3, wherein the digital key comprises a device that acts as a USB keyboard and provides secure authentication by a one-time password.
5. The system of claim 4, wherein the behavioral data recorded includes: session identifiers, a number of times the digital key has powered up, a session count, user names, time deltas between events, and device identifiers.
6. A method for verifying presence and identity of a user on a remote computer, comprising: receiving, by a remote computer connected to the networked communication system, an encrypted key from a digital key connected to an interface of the remote computer; reading, by a processor on the remote computer, the encrypted key from the digital key; transmitting, by the processor, the encrypted key to the server over the networked communication system; capturing, by a computer program executing on the remote computer, behavioral data of the user; and transmitting, by the computer program, the behavioral data of the user to the server over the networked communication system.